Add SSL_CTX_set_tmp_ecdh.pod

Signed-off-by: Antoine Salon <asalon@vmware.com>

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7522)

2 files changed, 57 insertions, 0 deletions

diff --git a/doc/man3/SSL_CTX_set_tmp_ecdh.pod b/doc/man3/SSL_CTX_set_tmp_ecdh.pod
new file mode 100644
index 0000000000..08e88da312
--- /dev/null
+++ b/doc/man3/SSL_CTX_set_tmp_ecdh.pod
@@ -0,0 +1,48 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_set_tmp_ecdh, SSL_set_tmp_ecdh, SSL_CTX_set_ecdh_auto, SSL_set_ecdh_auto
+- handle ECDH keys for ephemeral key exchange
+
+=head1 SYNOPSIS
+
+#include <openssl/ssl.h>
+
+long SSL_CTX_set_tmp_ecdh(SSL_CTX *ctx, const EC_KEY *ecdh);
+long SSL_set_tmp_ecdh(SSL *ssl, const EC_KEY *ecdh);
+
+long SSL_CTX_set_ecdh_auto(SSL_CTX *ctx, int state);
+long SSL_set_ecdh_auto(SSL *ssl, int state);
+
+=head1 DESCRIPTION
+
+SSL_CTX_set_tmp_ecdh() sets ECDH parameters to be used to be B<ecdh>.
+The key is inherited by all B<ssl> objects created from B<ctx>.
+
+SSL_set_tmp_ecdh() sets the parameters only for B<ssl>.
+
+SSL_CTX_set_ecdh_auto() and SSL_set_ecdh_auto() are deprecated and
+have no effect.
+
+=head1 RETURN VALUES
+
+SSL_CTX_set_tmp_ecdh() and SSL_set_tmp_ecdh() return 1 on success and 0
+on failure.
+
+=head1 SEE ALSO
+
+L<ssl(7)>, L<SSL_CTX_set1_curves(3)>, L<SSL_CTX_set_cipher_list(3)>,
+L<SSL_CTX_set_options(3)>, L<SSL_CTX_set_tmp_dh_callback(3)>,
+L<ciphers(1)>, L<ecparam(1)>
+
+=head1 COPYRIGHT
+
+Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/doc/man7/ssl.pod b/doc/man7/ssl.pod
index 6cc1c4bcff..1695f7ea19 100644
--- a/doc/man7/ssl.pod
+++ b/doc/man7/ssl.pod
@@ -383,6 +383,8 @@ Use the file path to locate trusted CA certificates.
 
 =item long B<SSL_CTX_set_tmp_dh_callback>(SSL_CTX *ctx, DH *(*cb)(void));
 
+=item long B<SSL_CTX_set_tmp_ecdh>(SSL_CTX* ctx, const EC_KEY *ecdh);
+
 =item void B<SSL_CTX_set_verify>(SSL_CTX *ctx, int mode, int (*cb);(void))
 
 =item int B<SSL_CTX_use_PrivateKey>(SSL_CTX *ctx, EVP_PKEY *pkey);
@@ -678,6 +680,12 @@ fresh handle for each connection.
 
 =item void B<SSL_set_timeout>(SSL *ssl, long t);
 
+=item long B<SSL_set_tmp_dh>(SSL *ssl, DH *dh);
+
+=item long B<SSL_set_tmp_dh_callback>(SSL *ssl, DH *(*cb)(void));
+
+=item long B<SSL_set_tmp_ecdh>(SSL *ssl, const EC_KEY *ecdh);
+
 =item void B<SSL_set_verify>(SSL *ssl, int mode, int (*callback);(void))
 
 =item void B<SSL_set_verify_result>(SSL *ssl, long arg);
@@ -785,6 +793,7 @@ L<SSL_CTX_set_session_id_context(3)>,
 L<SSL_CTX_set_ssl_version(3)>,
 L<SSL_CTX_set_timeout(3)>,
 L<SSL_CTX_set_tmp_dh_callback(3)>,
+L<SSL_CTX_set_tmp_ecdh(3)>,
 L<SSL_CTX_set_verify(3)>,
 L<SSL_CTX_use_certificate(3)>,
 L<SSL_alert_type_string(3)>,